This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Endpoint Intercept X 2.0 impacting Performance - slow?

On a new software build of windows 10 on a T450 Lenovo, we found that at the end we installed Sophos Endpoint Intercept X 2.0 and it significantly slowed down the computer.  All aspects of the computer became slow.  On first bootup, connecting the Wifi - slow.  On login, the CPU would pin at 100% for long periods of time with high memory usage.  All applications would be slow to open, printing would be very slow. This is a new laptop i5, 8 GB RAM, 256 SSD.

We would remove the Intercept X and the computer would return to normal operation.  Fast bootup, fast login, apps, etc...

Now for this customer, then use Trend Micro as their primary AV.  We have Sophos Intercept X added on for the extra protection. We did not have issues previously until the Intercept X Version went up to 2.0.  Has anyone else noticed a large performance hit with Intercept X 2.0?

[locked by: SupportFlo at 11:42 PM (GMT -7) on 12 Mar 2019]
  • Hello, 


    We, as well as our clients are experiencing exactly the same issue with Intercept X, regardless of hardware configuration. Most of our customers run BitDefender Antivirus through SolarWinds Remote Monitoring and Management (earlier GFI Max). We've configured the BitDefender software to not use behavioral scanning, so that it doesn't crash with anti-crypto software like for example Intercept X. 


    Generally, we've always had reports of slowness after installing our security package, mostly though it was due to a combination of 4GB RAM and HDDs and generally age of the computers of our clients. The problem since 2.0 however, has appeared also on PCs with 16GB+ RAM, and top-shelf SSDs. 


    What our clients (and us as well) experience is basically this - Some programs just suddenly freezing out of nothing for like 3-10 seconds, some programs just crashing (IE for example, i know this is a known problem), boot time being extended horribly, domain-computers stuck on profile loading and general slowness and worse response time. ALL of this goes away after we uninstall Intercept X. 


    Now, i have read some threads - Most of the responses and "proposed solutions" or "temporary solutions" make no sense. It's all fine and sunshine to do for one or two PC, but once you get up in hundreds, maybe thousands, it's not so fun anymore. Solution for the IE crash problem seems to be to turn off Web Browser scanning - I mean, just that in itself is VERY dangerouns and stupid to do if you are concerned about security. How can Sophos, a company who prouds itself in selling security, even consider these to be viable temporary solutions? Jak suggests disabling functionality to test what is causing it - I suggest to Sophos to improve their logging, so that it isn't necessary for us to DISABLE FUNCTIONALITY to see what is causing trouble. 


    Today we've put in motion every contact we have at Sophos. We're also trying our feedback here on the forums. Let's see what it takes to get our issues sorted out. Response time for the support got better for a while, and now they have disallowed sending mails to, and they ask us to make a ticket. Replies to those tickets seem to come much slower, in addition i have yet to find where i can track back my ticket, if i even can at all... 

  • Krystian Flemming said:

    Now, i have read some threads - Most of the responses and "proposed solutions" or "temporary solutions" make no sense. It's all fine and sunshine to do for one or two PC, but once you get up in hundreds, maybe thousands, it's not so fun anymore. Solution for the IE crash problem seems to be to turn off Web Browser scanning - I mean, just that in itself is VERY dangerouns and stupid to do if you are concerned about security. How can Sophos, a company who prouds itself in selling security, even consider these to be viable temporary solutions? Jak suggests disabling functionality to test what is causing it - I suggest to Sophos to improve their logging, so that it isn't necessary for us to DISABLE FUNCTIONALITY to see what is causing trouble. 

    I absolutely second that.

  • Krystian Flemming said:

    Now, i have read some threads - Most of the responses and "proposed solutions" or "temporary solutions" make no sense. It's all fine and sunshine to do for one or two PC, but once you get up in hundreds, maybe thousands, it's not so fun anymore. Solution for the IE crash problem seems to be to turn off Web Browser scanning - I mean, just that in itself is VERY dangerouns and stupid to do if you are concerned about security. How can Sophos, a company who prouds itself in selling security, even consider these to be viable temporary solutions? Jak suggests disabling functionality to test what is causing it - I suggest to Sophos to improve their logging, so that it isn't necessary for us to DISABLE FUNCTIONALITY to see what is causing trouble. 

    I absolutely second that.

  • I agree with last 2 posts about "temporary solutions". What we need to do is contact all the Sophos Rep , SE we have and pressure Sophos to look in to the issue. I just spoke to our IT director, he doesn’t want to disable Intercept X or part of the option.